Gitiles
Code Review Sign In
gerrit.osmocom.org / simtrace2 / 96e62a4664970cb3582aa91657581c116b6dfc4e / . / usb_application / mitm.py
blob: 4b53bc77217fc29988dd6f1498e23df3f0ca0fd3 [file] [log] [blame]
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]1import usb.core
2import usb.util
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]3import array
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]4
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]5from ccid_raw import SmartcardConnection
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]6from smartcard_emulator import SmartCardEmulator
Christina Quast425717d2015-05-14 17:20:55 +0200[diff] [blame]7from gsmtap import gsmtap_send_apdu
Christina Quast95270b12015-04-04 19:59:03 +0200[diff] [blame]8
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]9from contextlib import closing
10
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]11from util import HEX
Christina Quast9547e9f2015-04-14 22:18:30 +0200[diff] [blame]12from constants import *
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]13from apdu_split import Apdu_splitter, apdu_states
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]14
Christina Quastad6f4d32015-06-24 15:44:36 +0200[diff] [blame]15from replace import replace
16
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]17def pattern_match(inpt):
18 print("Matching inpt", inpt)
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]19 if (inpt == ATR_SYSMOCOM1) or (inpt == ATR_STRANGE_SIM):
20 print("ATR: ", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]21 return NEW_ATR
22 elif (inpt == CMD_SEL_FILE):
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]23 print("CMD_SEL_FILE:", inpt)
24 return CMD_SEL_ROOT
25 elif (inpt == CMD_GET_DATA):
26 print("CMD_DATA:", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]27 return CMD_SEL_ROOT
28 else:
29 return inpt
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]30
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]31def poll_ep(dev, ep):
32 try:
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]33 return dev.read(ep, 64, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]34 except usb.core.USBError as e:
35 if e.errno != ERR_TIMEOUT:
36 raise
37 return None
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]38
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]39def write_phone(dev, resp):
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]40 print("WR: ", HEX(resp))
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]41 dev.write(PHONE_WR, resp, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]42
Christina Quast020e5d62015-05-14 18:11:23 +0200[diff] [blame]43def do_mitm(dev, sim_emul=True):
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]44 if sim_emul == True:
45 my_class = SmartCardEmulator
46 else:
47 my_class = SmartcardConnection
48 with closing(my_class()) as sm_con:
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]49 atr = sm_con.getATR()
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]50
51 apdus = []
52 apdu = Apdu_splitter()
53
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]54 while True:
55 cmd = poll_ep(dev, PHONE_INT)
56 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]57 print("Int line ", HEX(cmd))
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]58 assert cmd[0] == ord('R')
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]59# FIXME: restart card anyways?
60# sm_con.reset_card()
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]61 print("Write atr: ", HEX(atr))
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]62 write_phone(dev, replace(atr))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]63 apdus = []
64 apdu = Apdu_splitter()
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]65
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]66 cmd = poll_ep(dev, PHONE_RD)
67 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]68 print("RD: ", HEX(cmd))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]69 for c in cmd:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]70 if apdu.state == apdu_states.APDU_S_FIN:
71 apdus.append(apdu)
Christina Quast425717d2015-05-14 17:20:55 +0200[diff] [blame]72 gsmtap_send_apdu(apdu.buf)
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]73 apdu = Apdu_splitter()
74
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]75 apdu.split(c)
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]76 if apdu.state == apdu_states.APDU_S_FIN and apdu.pts_buf == [0xff, 0x00, 0xff]:
Christina Quastb6e005c2015-05-04 15:28:03 +0200[diff] [blame]77 #sim_data = sm_con.send_receive_cmd(apdu.pts_buf)
78 #write_phone(dev, replace(array('B', sim_data)))
79 write_phone(dev, replace(array('B', apdu.pts_buf)))
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]80 continue;
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]81
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]82 if apdu.state == apdu_states.APDU_S_SW1:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]83 if apdu.data is not None and len(apdu.data) == 0:
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]84 # FIXME: implement other ACK types
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]85 write_phone(dev, replace(array('B', [apdu.ins])))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]86 apdu.split(apdu.ins)
87 else:
88 sim_data = sm_con.send_receive_cmd(apdu.buf)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]89 write_phone(dev, replace(sim_data))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]90 for c in sim_data:
91 apdu.split(c)
Christina Quastca0ebfd2015-06-19 13:29:14 +0200[diff] [blame]92 if apdu.state == apdu_states.APDU_S_SEND_DATA:
93 sim_data = sm_con.send_receive_cmd(replace(apdu.buf))
94 #sim_data.insert(0, apdu.ins)
95 write_phone(dev, replace(sim_data))
96 #apdu.state = apdu_states.APDU_S_SW1
97 for c in sim_data:
98 apdu.split(c)